Online sleuthing by Mt. Gox dispossessed throws up few clues

SINGAPORE: Some of those who have lost bitcoins in the collapse of Mt. Gox have turned to internet sleuthing to find out where their money has gone - but they're unlikely to have much luck.

That's because the crypto-currency is a lot more complex than it looks, even to those who believed in it enough to invest their savings, bitcoin experts say, illustrating the scale of the challenge facing investigators trying to unravel the multi-million dollar mess at what was once the world's dominant bitcoin exchange.

Forum websites like Reddit and internet relay chatrooms have attracted hordes of users as the Mt. Gox debacle unfolded in recent weeks. But their crowdsourcing investigations have uncovered little in the way of real evidence about what happened.

"The crowdsourcing so far has been a miserable failure," said Emin Gun Sirer of Cornell University, who posted his own analysis challenging several theories about what may have happened at Mt. Gox.

The problem, Gun Sirer and others say, is two-fold: users of such forums are not always methodical or disciplined in their research on one hand, and on the other, bitcoin's combination of transparency and complexity invites the unwary to draw false conclusions.

Mark Karpeles, the 28-year-old French CEO of Tokyo-based bitcoin exchange Mt. Gox, filed for bankruptcy on Friday admitting that some 850,000 bitcoins - worth more than $560 million at today's prices, and about 7 percent of all bitcoins minted - were missing. Karpeles blamed hackers for the theft, based on a so-called "malleability" bug in bitcoin software.

BLINKING

The collapse of Mt. Gox has left thousands of bitcoin users bereft. Driven in part by a desire to find the missing bitcoins, and in the absence of any solid explanation by Mt. Gox or Karpeles, Reddit users and others have shared links, studied bitcoin transactions and traded rumours online.

One forum, mtgox-chat, has become the starting point of much of the digging, so much so that a user claiming to be Serbian chose it to first share links to files apparently stolen from Mt. Gox's own servers, including computer code and what appeared to be a tape recording of a conversation between Karpeles and Japanese bankers in late January.

Some of the research, however, has been less useful.

One user on Reddit, for example, suggested that Karpeles had been blinking a hidden message in morse code during a press conference in Tokyo last Friday, prompting some to replay the video frame by frame to try to divine the message.

Other efforts have been more serious, and borne fruit.

A European in his late 20s who works in the legal profession and goes by the name of Aquentin online traced the movement of some of the bitcoin Karpeles had moved from one wallet to another back in 2011 as proof that Mt. Gox was insolvent.

His research, he said in an email interview, showed that these coins were among up to 200,000 moved again recently, in late December and in early February - indicating that not only were there bitcoins still somewhere in the system, but that they seemed to belong to Mt. Gox.

Aquentin's research was followed up by others, among them a PhD student in the UK who calls himself Oakpacific. Both declined to give their names or other identifying information.

Their conclusion: the movement of coins they investigated did not square with the explanation given by Mt. Gox that the exchange lost its coins to a malleability attack. Says Aquentin of their findings: "They show that at the very least we have not been told the whole truth."

Their conclusions have been, at least in part, backed up by more established figures. Ken Shirriff, a software engineer at Google who runs a blog at righto.com, analysed transactions in early February on Mt. Gox and raised questions about the company's claims that it had come under attack prior to February 7.

Shirriff was cautious in his conclusions, but he said in a blog post that the malleability attack he looked into could not have been responsible for Mt. Gox's problems at that time. Shirriff declined to be interviewed for this article.

IODINE

Indeed there are, potentially, rich pickings to be had from such research.

Because the transaction history of bitcoins is public, says Italian computer security researcher Stefano Zanero, it's possible for anyone to investigate. Moreover, if a bitcoin owner is not careful in detaching the keys - his PIN number - from anything that may identify him, he would effectively remove anonymity from a transaction.

But researching this is not easy, he warns. Zanero and colleagues from Italy's Politecnico di Milano have developed software called BitIodine, which studies bitcoin transactions to cluster addresses likely to belong to the same user, or group of users.

BitIodine will be demonstrated at a financial cryptography conference in Barbados this week.

But he warns that even BitIodine only supports, but doesn't replace, traditional investigative techniques - as well as requiring a lot of computing power and memory, not to mention analysts skilled enough to make sense of it.

"It's no silver bullet," he said in an email interview.

TOO MUCH INFORMATION

Indeed the problem with tracing bitcoins is almost too much information.

Bitcoin's ledger, called the blockchain, which records all transactions, makes public a chunk of information that would normally require many subpoenas to extract, Gun Sirer says. "So that's fantastic, but it's the perfect set-up for armchair experts to end up getting in over their heads," he said.

The danger arises when drawing links and patterns between wallets and transactions that are spurious, he says. From there to implicating unrelated people is a short and dangerous step.

Gun Sirer points to a paper by Israeli academics Dorit Ron and Adi Shamir published in November which inferred a relationship between Satoshi Nakamoto, the pseudonymous 'founder' of bitcoin, and the creator of Silk Road, a website for trading drugs. Silk Road was shut down by the FBI last October. Its alleged founder, Ross Ulbricht, has pleaded not guilty to charges including money laundering.

The paper was withdrawn after a cryptographer called Dustin Trammell said he owned the bitcoin address the researchers had uncovered.

"The crowds are capable of making far worse mistakes with bigger consequences," said Gun Sirer.

Indeed, Reddit is still smarting from last year, when its users misidentified two young men as suspects in the Boston Marathon bombings. Reddit later apologised for fuelling "online witchhunts and dangerous speculation."

LESSONS

Some users say the lessons from that episode have only been partly learned.

An Oklahoma-based soft drinks distributor called Michael Bennett dug up what he said were 29 wallets containing about 690,000 bitcoins traded heavily in the weeks leading up to February 24. But when he posted his findings on Reddit he found little interest in following up or joining him in doing more research.

"It's really showed just how poor the community is," he said in an online interview. "People just look for the juiciest leads, they want drama, they want excitement."

Emma, a 20-something female based in the United States, who frequents the mtgox-chat channel, says that in some ways it's understandable. She has 120 bitcoins stuck in Mt. Gox, which she had been buying since 2011. At current prices, that sum would pay off all her debts and allow her to go to college, she said.

Many of those in the chatroom, she said in an online interview, are simply struggling to find even the basic pieces of the puzzle, while at the same time smarting from having lost their savings.